Thursday, March 11, 2010
#
In the past I wrote a blog post on how one can protect themselves from How to protect yourself from (financially related) identity theft, one of the ways I talk about protecting yourself is via identity theft insurance. I still think this is a good strategy but ran across an article today titled “LifeLock fined $12 million over lack of life-locking ability“.
As I said in my last post the devil is in the details, as with all insurance policies you need to understand what promises are actually being made and who is it that will stand behind those promises…
Wednesday, March 03, 2010
#
It’s been a very long time since I posted to the blog, that’s because there have been a bunch of changes in my life.
As some of you may know I was divorced about a year ago, I essentially have sole custody of my son, I have lost 55 pounds, taken a new job where I do not work on Information Security and as a result of all of the above I spend very little time with things like Media Center and more time on things like cycling, hiking, skiing and so-on.
In any event, my hope is that this post clarifies why I “disappeared”.
As for the future of the blog, I have worked in Information Security almost my entire career and even though I no longer work in the area I still closely follow it and I expect to post here on these topics.
I do not expect, at least in the near future you will see much on Media, I do expect to see some posts come down the line about personal things and bits about my new job.
Thanks again,
Ryan
This week is RSA, the largest security conference in the world; this is the 1st year in a very long time I won’t be there but, this year Scott Charney included a focus on the Isolation of Infected Machines in his keynote.
The timing of this is excellent (for me) because a specification I worked on in the IETF around standardizing an evolution of one of the core protocols used in the Network Access Protection (NAP), the Microsoft uses in its product (and its own Networks) to isolate infected hosts on the network will be published tomorrow, in the meantime the final draft is here.
Friday, June 19, 2009
#
Like all good geeks as soon as a software update for one of my toys comes out I apply it, so when the 3.0 update for the iPhone came out I was right there.
I had hoped that it would resolve some issues I had been having with my phone, it did not, but Apple did replace the phone for me when I took it to them.
The problem is that when I had upgraded the phone (even before the hardware switch) my backup did not restore the applications I had on my phone, for the most part that was fine because they were still available; the thing is NetShare (a socks proxy to enable tethering with the phone) was not.
With that in mind I was left looking for an alternative, it’s not that I used it frequently but there have been times where that’s been supper useful.
Being a gadget hound I follow Engadget, they recently had a post about how to enable the native tethering support of iPhone 3.0; I followed the steps and viola, tethering showed up in the UI.
I paired the device with my Windows 7 machine and I saw a new device, but no driver was found; its HW ID was:
BTHENUM\{00000000-deca-fade-deca-deafdecacafe}_VID&000205ac_PID&1292.
Notice the strange service ID in the HW ID, (looks like someone needs to get a copy of GENGUID), in any event with some research on the web and some help from some folks I work with I discovered this is ID maps to something called “Wireless iAP” which is supposedly an Apple proprietary Bluetooth profile for a Wireless Internet Access Point.
The problem is that that there is no profile for this in Windows 7 and I have not been able to find a third-party profile I can load; I may get there, and if I do I will update this post but for now it looks like I may be out of luck.
I wonder why they did not use the standard profiles for this stuff, oh well.
[Update 6/22/09 11:00AM] I am a idiot, yes; turns out I did not have Tethering "ON" when I tried this; once I did that it worked just fine... 100% user error; just tried the connetion via speedtest.net and I was getting .60 down and .20 up.
This begs the question what is this "Wireless iAP" thing, its clearly not required for this scenario.
Wednesday, January 14, 2009
#
I will use this post to catalog public resources on the Windows Biometric Framework.
If you run across any that I miss please let me know, I should reliably catch the technical content ;)
TECHNICAL
EDITORIAL
Saturday, January 10, 2009
#
For security reasons the default setting in Windows is to prevent the the direct access to removable media over Remote Desktop sessions.
In my case I almost never use my main Media Center pc directly and instead I connect in using RDP, as a result this default causes me grief.
To change the setting all one needs to do is:
- Open GPEDIT.MSC
- Navigate to: “Local Computer Policy\Computer Configuration\Administrative Templates\System\Removable Storage Access”
- Find the “All Removable Storage: Allow direct access in remote sessions” option and enable it.
Now you can right click and eject the DVDs in Remote Desktop sessions.
Tuesday, December 30, 2008
#
Those watching the advances in crypto-analytics over the last couple years (since 2004 If I recall correctly) have had interesting ride, well as interesting as crypto-analytics is.
A group of researchers just published the 1st "practical" MD5 attack, they created a rouge CA certificate that matches that a trusted CA, read this for more information.
Some highlights of the attack include:
- Attacker was able to take advantage of CAs that uses predictable serial numbers that issues certificates within a predictable amount of time
- Attacker has full control of the first 500 bytes of the colliding certificate, which means they can generate a subordinate CA certificate with a serial number unknown to the commercial CA
- The attack generates RSA keys that can be used to produce valid signatures
- The amount of time needed to generate a RSA key pair that will produce a collision is around 3 days (using a cluster of 200 PlayStation 3 machines running Linux)
- Certificate revocation cannot be used as a mitigation, unless the key being attacked is associated subordinate and the issuer is willing to revoke that certificate (affecting all children, even the legitimate ones).
- This is not a 2nd order pre-image attack and does not affect previously issued certificates
This means that they can trivially mint certificates (or any other signed object) of their choosing's that will be accepted as trusted by any entity (most commonly browsers and certificates) that trusts this key.
It sounds as if they are being responsible researchers by withholding the details of their attack until the affected Certification Authorities have had some time to re-issue those certificates.
In the end though, this is really the death-knoll of MD5, its now officially no better than a CRC.
As an application and protocol developer I have always strived to make my designs crypto-agile and agnostic to accommodate for varying customer needs, later in life when I started to appreciate the life-cycle of a cryptographic algorithm I also started to attribute those design decisions to algorithm sunseting as well; the hard part though is not design, its the operational and legal implications of such a transition.
As I said, those watching things advance over the last few years should have been preparing for this, and hopefully have action plans in place or already executed mitigating the implication of the result of the attack in question; the longer term implications though require us to move away from MD5 and the algorithms that have similar properties to it (even SHA-1 even though currently its still generally considered safe)
This is why NIST has spun up the Hash Workshop, one of my co-workers, Niels Ferguson [warning PDF link] has a horse in the race with some of his fellow cryptographers, only time will tell how this will turn out.
Tuesday, December 23, 2008
#
We just recently published a new White Paper that provides a great Introduction to the Windows Biometric Framework.
Monday, December 08, 2008
#
Today my test lead let me snag one of the laptops we recently ordered for selfhost testing of some of our technologies.
My current laptop is a X61, only about a year old and its no slouch but boy this X301 is fast, and this screen its beautiful!
Its running a recent Windows 7 build and all I can say is WOW...
I am tempted to buy one for home use!
Saturday, December 06, 2008
#
One of the more common codec related problems people run into is the in-proper registration of the "PerceivedType" and "Content Type" for a container file format. Windows expects this to be done so it knows how to discover the codecs to be used with a particular file extension.
To that end a .reg file that registers the most common container file types with the appropriate settings would look as follows:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.ogg]
"PerceivedType"="audio"
"Content Type"="audio/x-ogg"
[HKEY_CLASSES_ROOT\.ogm]
"PerceivedType"="video"
"Content Type"="video/x-ogg"
[HKEY_CLASSES_ROOT\.m2v]
"PerceivedType"="video"
"Content Type"="video/mpeg"
[HKEY_CLASSES_ROOT\.mka]
"PerceivedType"="audio"
"Content Type"="audio/x-matroska"
[HKEY_CLASSES_ROOT\.mkv]
"PerceivedType"="video"
"Content Type"="video/x-matroska"
[HKEY_CLASSES_ROOT\.mp4]
"PerceivedType"="video"
"Content Type"="video/mp4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.ogg]
"Runtime"=dword:00000007
"Permissions"=dword:0000000f
"UserApprovedOwning"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.ogm]
"Runtime"=dword:00000007
"Permissions"=dword:0000000f
"UserApprovedOwning"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m2v]
"Runtime"=dword:00000007
"Permissions"=dword:0000000f
"UserApprovedOwning"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mka]
"Runtime"=dword:00000007
"Permissions"=dword:0000000f
"UserApprovedOwning"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mkv]
"Runtime"=dword:00000007
"Permissions"=dword:0000000f
"UserApprovedOwning"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp4]
"Runtime"=dword:00000007
"Permissions"=dword:0000000f
"UserApprovedOwning"="yes"